Re: stoping net scans

[=?unknown-8bit?q?S=EAr=EAciya_Kurdistan=EE?= <sereciya@kurdistan.ath.cx>]

Hello,

On Sat, Apr 12, 2003 at 11:50:10AM -0500, Jos? A. Guzm?n wrote:
>  Is there a tool (log monitoring or otherwise) that effectively blocks incoming
> port scans (maybe interacting with iptables)?.

  A properly configured firewall.
 
>  What are you guys using to block incoming port scans?

  See above.  

  The best thing to do is to set up a "statefull" firewall,
  meaning, any outgoing packet originating from you will be
  allowed back in (ie also known as "reflexive" rules).

  I regret that I don't have any examples on hand, good luck ;)
 
-- 
+--------------------------------------------------------------+
| Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijminî  |
|   Riya azadiyê ne hêsan e, hêviya xwe bernedin, dema me      |
|     nêzîk e.                                                 |
|                                                              |
| Hevaltî bi kesên du rû nekin, hevaltî bi hevdu ra bikin      |
|   Ne ji hevaltiya wan kesên pêxwas û rû dirêj, ne bi wan     |
|     kesên xwînperest, ne jî ji yên din.                      |
|                                                              |
|                                   -Sêrêciya Kurdistanî       |
+--------------------------------------------------------------+
  translation provided on request: sereciya@kurdistan.ath.cx